Announcing Espionage 3 for the Mac App Store!

Today we’re announcing a brand new, completely rewritten and redesigned Espionage: Espionage 3. Espionage 3 is the result of the combined efforts of Tao Effect and cocoaWithChurros’ Ernesto Garcia.

What’s New?

Simply put: simplicity and stronger security. We decided to do a complete rewrite of Espionage, focusing more on its user interface, improving its internal design, and making it more secure. We accomplished this by removing many of the decisions facing the user.

Layers of Plausible Deniability

We’ve added multiple layers of plausible deniability to protect you if you’re ever forced to give up your master password. Because Folder Sets let you have multiple master passwords, you can now voluntarily give up only the password to the set of folders that you don’t care about, and Espionage 3 in no way makes it obvious that you have other folders encrypted.

Also, while folders are locked, they appear empty by default, but you can put irrelevant files into them! This means that when a folder is locked, whoever is using your computer will see one set of files when opening it, and when you unlock the folder, you’ll see the other, secret set of files.

We’ve also added the much-asked-for feature of folder auto-lock!

Espionage 3 Uses Scrypt!

There is now only one password that you need to worry about: your master password. Your master password is used to encrypt each of the individual, high-quality, Espionage-generated passwords for each folder (which Espionage automatically uses to unlock each folder).

Espionage 2 stores these passwords in OS X’s keychain, which uses 3DES. That just doesn’t cut it for us. For Espionage 3, we searched for the best protection we could find and we found the scrypt key-derivation function. We put your master password through scrypt and encrypt each sparsebundle password using AES-256. As a key-derivation function, scrypt is 2^8 times more expensive to attack than the industry standard PBKDF2 alone, and 2^5 times more expensive to attack than bcrypt.

What does this mean in practice? It means that even those who foolishly choose weak passwords for their master password will still benefit from the new security of Espionage 3. It will test the patience of someone running a dictionary-based attack even for simple passwords (that said, we recommend you keep your passwords strong).
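The scheme this section describes, as an added Node.js example (not Espionage's own code): one master password is stretched with scrypt, and the resulting key encrypts a separately generated password for each folder. The scrypt cost parameters, the AES-256-GCM mode, the salt and IV sizes and every function name are assumptions, since the post states only that scrypt and AES-256 are used.

```javascript
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('crypto');

// Assumed scrypt cost parameters (the post does not state Espionage's).
const SCRYPT_PARAMS = { N: 2 ** 14, r: 8, p: 1 }; // 128 * N * r = 16 MiB per guess

// Stretch the master password into a 256-bit key-encryption key.
function deriveMasterKey(masterPassword, salt) {
  return scryptSync(masterPassword.normalize('NFKC'), salt, 32, SCRYPT_PARAMS);
}

// Encrypt one folder password under the master key (AES-256-GCM, fresh IV each time).
function wrapFolderPassword(masterKey, folderPassword) {
  const iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', masterKey, iv);
  const ct = Buffer.concat([cipher.update(folderPassword, 'utf8'), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypt a wrapped folder password; throws if the key is wrong or the entry was altered.
function unwrapFolderPassword(masterKey, { iv, ct, tag }) {
  const decipher = createDecipheriv('aes-256-gcm', masterKey, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
}

// Build a keystore: one random salt, one generated 256-bit password per folder.
function createKeystore(masterPassword, folderNames) {
  const salt = randomBytes(16);
  const key = deriveMasterKey(masterPassword, salt);
  const folders = {};
  for (const name of folderNames) {
    const generated = randomBytes(32).toString('base64');
    folders[name] = wrapFolderPassword(key, generated);
  }
  return { salt, folders };
}

// Recover a folder's password, or null when the master password is wrong.
function unlockFolder(keystore, masterPassword, name) {
  const key = deriveMasterKey(masterPassword, keystore.salt);
  try {
    return unwrapFolderPassword(key, keystore.folders[name]);
  } catch (err) {
    return null; // GCM tag mismatch, or no such folder entry
  }
}

// Constructed sample data, not real folder names or passwords.
const demo = createKeystore('correct horse battery staple', ['Documents', 'Mail']);
console.log(unlockFolder(demo, 'correct horse battery staple', 'Mail') !== null);
console.log(unlockFolder(demo, 'guess123', 'Mail'));
```

Every master-password guess has to pay the full scrypt cost before the GCM tag can be checked, which is what slows a dictionary attack against the stored folder passwords.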

Application Associations and the Password Prompt Are Gone

This may come as a sacrifice, but we decided to remove application associations and the password prompt from Espionage. This was a decision that wasn’t made lightly, but one that had to be made due to the complexity and technical problems that kept coming up with these features (especially with the release of OS X 10.7 [1]). On the positive side, this means that Espionage 3 no longer needs to install a kernel extension to work, and is also allowed on the Mac App Store. Also, now that Lion has been released, we feel that the new FileVault 2 is a great improvement over the previous version, adequate now to protect application data, and so we’re recommending that users use FileVault 2 in conjunction with Espionage 3.

If you still want to protect application data with Espionage 3, it is possible, just not as convenient as it was in the previous version (which you can use in conjunction with Espionage 3 [2]): locate the folder that has the application data in it and encrypt it with Espionage. Then make sure the folder is unlocked prior to running the application. The easiest way to do this is to set the folder to auto-unlock when you log in and leave it unlocked while you’re logged in. Note that, as with Espionage 2, you will run into problems if you use Lion’s application auto-start feature. If an application runs before its data is unlocked, it will act as if it’s running for the first time. This is just one reason we recommend using FileVault 2 to protect application data.

How to Upgrade

Espionage 3 and Espionage 2 are completely different programs, and Espionage 3 does not “auto-upgrade” from Espionage 2. Please do not overwrite your copy of Espionage 2 with Espionage 3. You can have both programs running on your computer at the same time by renaming your existing copy of Espionage to “Espionage 2”. To move your folders from Espionage 2 into Espionage 3, you’ll need to first remove them from Espionage 2 (decrypting them), and then add them to Espionage 3 to re-encrypt them.

Note: DO NOT UNINSTALL ESPIONAGE 2 if you have installed version 3 and have encrypted files with it. Please wait till we release v3.0.1 to do this.

Lifetime Users Will Receive an Email with their Espionage 3 License

We have a lot of these to send out, and to prevent our hosting provider from marking us as spammers, we have to send these out at timed intervals, but if you’re a lifetime license holder you should receive your license within 72 hours of this announcement. Please watch your inbox and check your spam folder if you haven’t received it by then. Also, if you’re a lifetime license holder, please do not buy the Mac App Store version but instead download Espionage from our site.

Espionage – Now more affordable! 🙂

Espionage 3 is now $9.99 during the launch week!

We are also lowering the price of Espionage 2! Espionage 2 is now just $9.99 as we focus development on its newest incarnation.

Thank You!

We’d like to sincerely thank our customers for their support over all these years!

[1] For example, Lion introduced a feature where applications start automatically when you restart your computer. We could not figure out how to make Espionage 2 compatible with this feature. The sandboxing “feature” also presents many difficulties.

[2] Running Espionage 2 and Espionage 3 together is possible. Espionage 2’s helper will run alongside Espionage 3. However, to run the main app you’ll need to temporarily quit Espionage 3 before launching Espionage 2.

I just purchased version 3 from your website, and find that it shows up in my applications folder as “Espionage 2”, which was strange, because it is clearly identified as “ver 3” and dated 5/10/12 (my current version was just “Espionage” in my applications folder, and identified as “ver 2.8.13”).

Upon opening Espionage 3, after paying $9.99 for it via PayPal, it indicated to me that I have “free trial 14 days left”, making it seem like your system did not recognize my payment.

These two things may make it confusing for other customers, as they were for me, at first.

So since you’ve dropped support for Application association, can we still protect Application data and keep people out of specific programs? Or do we just dig, find and encrypt the application/program data folder?

Hey Marcus, we’ve updated the post and the section on application associations. Yes it’s possible to still encrypt application data (as mentioned above on the updated section), but there no longer is a password prompt that appears. Using the example of Mail, if you encrypt Mail’s data and run Mail while its folder is locked, it will start up as if it’s starting for the first time with no email.

Wow! The removal of application associations is a massive step backwards as far as I’m concerned, as this is basically all I use Espionage for (I find Disk Utility images more convenient for other things). Indeed, this was its unique selling point, and what really made it stand out from other security utilities. And I’d hardly call it complex. Will Espionage 2 be updated to stay compatible with Mountain Lion?

Follow-up question to Greg’s reply above: once we’ve moved our files to Esp 3, can we delete version 2? To do so, is it simply dragging the old icon from the applications folder to the trash, or is there a special delete program or process required to do so?

@Greg: that’s good to know, but doesn’t entirely answer my question. If a future point version breaks Espionage 2 (for example), will it be updated to stay compatible, at least with future point versions of Mountain Lion?

+1 to Lee J.
Espionage (2) was my secondary method of encryption next to TrueCrypt because of the easy methods of securing and unlocking applications. So basically I am going to have to stay with Espionage 2 while I am finding a replacement asap, because 3 and any version after this are now no option for me anymore. And no, autounlocking after login is not an option, as it defies the entire purpose of having security while logged in, and a user should not have to go through extra hoops for something that was easy in the first place.

So we come to the solution offered, FileVault 2, and why it is *not* a solution in certain setups. FileVault 2 only allows full disk encryption instead of the older Home folder based encryption. Why is that a problem? Because of theft.

I can’t go for the FileVault option because of tracing software: if my system gets stolen, I need them to log in on a dummy honey pot account. If they can’t boot, I can’t retrieve their personal information, nor can I wipe the disk in case I am dealing with a professional hacker/cracker on the other side. Encrypting is one thing, monitoring is another.

This *should* have been communicated to the consumers before it was released; it’s such a big change to the overall security model that it warrants that it would be received with a lot less commotion. Moreover, this move to the Appstore will result in a lot less secure environment in the long run, because a lot of actions/features will be restricted by what Apple dictates.

There is no jumpship or adapt mentality here; I see companies do both. Two separate versions: one Appstore version with less features and a lower price, the other being higher priced for the features it offers and sold through another store. Which is a fine business model that works and keeps both consumer level as powerusers happy.

Apple giving you headaches already? Wait till you see the review time required for any updates to come through the store. I feel sorry for you guys I truly am but I am bailing ship instead of jumping nor adapting.

Frankly, I think you “threw the baby out with the bath water.” I don’t so much mind the loss of encryption of application specific data, but the loss of the password prompt for ordinary folders is a PITA. “Easy access from the menu bar.” Meh. How about just double clicking on the file you need, instead of having to go somewhere else on the screen? I also understand there is no right-click menu option. If so, this is a great leap backward.

Are backups no longer automatic? If so, another leap backward. This was enormously convenient.

So disappointing, this amounts to a downgrade whatever the merits of Scrypt. Like the majority of respondents, the key feature that set Espionage apart for me was application-associations …suggesting that FileVault 2 is an appropriate alternative is to completely overlook the fact that many users, if not most, don’t log-out or shutdown for days or weeks at a time and thus application-data will be unsecured, not to mention access to the respective apps themselves.

It’s a real shame that Tao did not see fit to poll its users before admitting defeat. It would have been preferable to disable automatic launching of apps in the OS in favour of keeping application associations. The option should have been there.

Furthermore, what’s the point in suggesting that Espionage 2 and 3 can theoretically be run together? Surely, if this was ever a genuine intention then it would have made sense to have the application renamed so that neither the app itself or support folder, preferences, etc conflicted.

Knox offers much greater portability for encrypting my document and project files and retains a back-up function that avoids having to place the ‘live’ folders in Dropbox. My support for Espionage hinged on where it innovated, i.e. application-associations; without these there is no compelling reason to continue with it. Such a shame!

@Ross: there are no built-in backups because v3’s design makes it unnecessary. You simply use whatever backup software you want, like Time Machine, to backup the disk image.

Yes, it’s OS 10.7 only. You can double-click on the folder in the list and it will open it up. This can be faster than searching for it in the Finder.

I understand the frustration of many here who are sad to see app associations go. I am not happy about it either. Lion presented many challenges for us and we bent. I thank you for sticking with us for this long. We now have an app that is simply different, better in some respects, than version 2. I still feel it’s the best encryption app for the Mac. Blows Knox out of the water, IMO. 😉

Like many, I too, like to support developers of software I use. I have an iMac with Lion and a Macbook Pro with Snow Leopard. When I tried to install version 3 on my MBP, I was informed that it didn’t work on my OS.

I’ve read all the comments and it’s clear that there are many that like Application Associations. It’s not something I used. Maybe I’m stoopid but if you don’t like an app, just don’t buy it. That’ll teach the developers a lesson 😉

The loss of income to the developer may be enough that they will change things. But from what I’ve read, the developers tried everything to keep this feature but there were just too many obstacles to overcome related to Lion. So maybe everyone upset over the loss of App Associations should be upset with Apple, not Tao Effect.

And just to show that I’m not taking up for Tao Effect, using two products (Espionage and File Vault 2) does seem counter-productive, sort of like a Rube Goldberg invention.

@PulpDoctor I can’t speak of course for everyone here, but I know that a lot of users are devoted people that are willing to compromise features on their software if there is no other choice. The problem, however, is we are talking about security measures, and it is never wise to fiddle too much on that at one time. True enough, we can stick with Espionage 2 for now, but if Tao has no interest in keeping the for us necessary functions, then we are taking an incredible risk, but so are they. We don’t know for how many OS versions 2 will be supported; as the given reason was that Lion 10.7 was a challenge, Mountain Lion 10.8 will be almost impossible to manage without pulling resources from the development cycle of 3 and future products. The problem isn’t the product, it is how the company communicates outwards. The product support is great, let me first point that out, no problem whatsoever on that. But the company is not involving its userbase as much as it should for their own benefit. They are forgetting that most people who have interest in a product are a potential free resource. We are happy to provide feedback, think on providing workarounds or even marketing the product for zero money. If Tao had provided a roadmap, a lot of this commotion was reduced to a few whines instead of serious legit concerns. If Tao had provided a subboard like Feedback, the forum wouldn’t be a mess right now with a lot of confused users. We are all losing on this: either the product, money, time or all at once.

@Lee: I did mention this in a reply to you above, yes, in our testing Espionage 2 works on Mountain Lion, however, at the moment our decision is to focus on version 3. There are too many existing, and more importantly, potential issues that can arise with the way version 2 is designed. Fundamentally what Espionage 2 is doing is messing with third-party data that we don’t have control over. If a user, or in the case of sandboxing, an operating system, decides to move this data, or rename it, the headaches for us and users can be endless. Espionage 2 works perfectly for some users but for many others it does not because of this design. The proof is in the support requests we receive for it via email and on the forums. It was consuming all of my time, and I couldn’t keep up with it, so I decided to create a version that does less but does what it does better.

I want Application Association back! This feature was the only reason that led me to purchase your product. Luckily before upgrading I tried the v3 and I discovered this BIG lack. I will stay on v2, even if I will miss the auto adjusting size feature.

Ouch! Application Association is the main reason I use Espionage and the one feature that sets it apart from similar tools.
If the problem is really the Appstore and its limitations, then perhaps the solution would be to release a “Basic” version on the Appstore, and an “Advanced” version (that brings back Application Association) sold only thru your website?

1. Close EspionageHelper (so 2 folders aren’t protected anymore)
2. Move the hidden .sparsebundle (inside the normally protected folder) to another place
3. Create a new encrypted folder with v3
4. Delete the .sparsebundle v3 created, rename the old v2 one and move it to where the v3 .sparsebundle was
5. Change the password of the v2 .sparsebundle to whatever v3 created

Decrypting and encrypting a 2.5TB sparsebundle isn’t what I want to do when all I do is upgrading an app.

There is a limitation in the software (Knox) that is not spelled out in the documentation, hence my bad experience.

Judging from the research I’ve been doing, Espionage 3, for all its shortcomings, may still be the best game in town. Certainly, their customer support is excellent. Here’s hoping Espionage 4 is better.

I mentioned using Knox …it has the advantage that its vaults are portable so for documents and project files I found it a better option than Espionage 2, which I used exclusively for locking access to, and encrypting the application, application-support folder and cache folder for those apps that I considered as sensitive …namely Mail, Safari, Address Book, iCal and Omnifocus.

In the beginning I found the behaviour of Knox vaults, i.e. them mounting as volumes, less elegant than the folder method employed in Espionage 2. However, apart from the annoying fact that calculate-folders had to be disabled and disclosure-triangles carefully monitored to avoid unnecessary prompts, that Espionage 2 actually disguises the sparsebundle as a folder is potentially dangerous and insecure for the uninitiated as files are copied to it and not moved.

I have no doubt that Scrypt is more advanced than the system used by Knox, and it’s a frustration that since buying the app, Agilebits has done nothing to develop it …well so far! Nevertheless, its portability and integrated back-ups, such that they can be located to the Dropbox folder, are still compelling features and reasons to stick with Knox.

For all my concerns, I have downloaded Espionage 3 to explore so Tao have my money and hopefully it will go into ‘fixing’ some of the functionality.

Lastly, I would reiterate that it’s a lack of understanding about how users run their systems 24/7 which is the most serious oversight …all other encryption software failed to address this, now sadly so has Espionage too!!

In the case of Mail, and I assume other apps as well, one can relocate the various data/support folders to a location outside of the Library folder and replace them with aliases …this gets around the current problem with not being able to encrypt anything inside the Library folder itself.

This solves encrypting locally stored emails, however, unfortunately launching Mail with the local data locked still does not prevent the ‘Get Mail’ action to refresh the view of one’s mail from iCloud !! ….application-associations anyone.

Sorry Greg …I’m sure you weren’t ready for so much fallout . Despite the whole application-associations thing being regrettable I sincerely hope you can pick yourself up and move forward positively. Thanks for Espionage 2 and good luck with version 4. :-))

Thanks Andrew. I don’t know if you saw this but in the next update (3.0.1) it will be possible to encrypt folders in the Library folder. We may figure out how to add application associations back to Espionage 3, it may just take some time.

Just another in the camp of wanting password prompt with applications back. Had Knox and moved to Espionage for that reason several years ago. As suggested by one or more folks, I’d pay extra for an Espionage Pro version sold solely on the website, if Apple isn’t playing nice and is forcing the software development to change course.

@Antonio: before the month is over we should release Espionage 3.5. While it won’t bring the password prompt back, it will include a feature called Folder Actions that will make it possible (much more convenient really), to encrypt application data.